Debugging url that fails with golang http client but works with curl

[an...@embed.ly]

I'm trying to get a handle on an issue I'm having requesting this URL:

http://www.bobiler.org/

When I request with curl, it works fine, I get a 301 as expected:

anrope@anrope-desktop:~/tmp$ curl -s -v "http://www.bobiler.org"

* Adding handle: conn: 0x1cf8f30

* Adding handle: send: 0

* Adding handle: recv: 0

* Curl_addHandleToPipeline: length: 1

* - Conn 0 (0x1cf8f30) send_pipe: 1, recv_pipe: 0

* About to connect() to www.bobiler.org port 80 (#0)

*   Trying 188.132.200.243...

* Connected to www.bobiler.org (188.132.200.243) port 80 (#0)

> GET / HTTP/1.1

> User-Agent: curl/7.31.0

> Host: www.bobiler.org

> Accept: */*

> 

< HTTP/1.1 301 Moved Permanently

< Content-Type: text/html; charset=UTF-8

< Location: https://www.bobiler.org/

* Server Microsoft-IIS/8.0 is not blacklisted

< Server: Microsoft-IIS/8.0

< Date: Wed, 21 Jan 2015 21:59:01 GMT

< Content-Length: 147

< 

<head><title>Document Moved</title></head>

* Connection #0 to host www.bobiler.org left intact

<body><h1>Object Moved</h1>This document may be found <a HREF="https://www.bobiler.org/">here</a></body>

When I request with go http client (https://play.golang.org/p/151uzXYOfh), I get a 'connection reset by peer' error:

anrope@anrope-desktop:~/tmp$ go run bobiler.go 

2015/01/21 16:59:11 Get https://www.bobiler.org/: read tcp 188.132.200.243:443: connection reset by peer

exit status 1

I took a look at the wireshark capture, doesn't seem to be any significant difference in responses.

My guess is something to do with bobiler.org's behavior after finishing the http response doesn't agree with the go client's implementation of HTTP, but I can't nail it down. Not sure if this is a Microsoft IIS 8.0 issue, or something custom on bobiler.org's end.

Does anyone have any insight? Is there something I can play with in the http package or another go package to fix this?

[James Bardin]

Curl is just showing you the redirect to https. The go client is following the redirect, and connecting via https.

It doesn't like the go tls client for some reason, and doesn't even fail the handshake; it just resets the connection.

Try connecting with tls.Config.MaxVersion set to tls.VersionTLS11 or tls.VersionTLS10 and see if it accepts that. If that doesn't work, it would have to be remedied on the server side (it's probably already a failure on the server side as it is).

[James Bardin]

On Wed, Jan 21, 2015 at 7:23 PM, James Bardin <j.ba...@gmail.com> wrote:

Try connecting with tls.Config.MaxVersion set to tls.VersionTLS11 or tls.VersionTLS10 and see if it accepts that. If that doesn't work, it would have to be remedied on the server side (it's probably already a failure on the server side as it is).

Tried this out, and you can connect if you set MaxVersion to VersionTLS11. The server responds immediately to the client hello with an RST/ACK, so I don't think there's much else to debug client-side. I hate this workaround, especially if that client needs to connect to a lot of other servers that do work properly.

I also tried changing the TLS record version (which is normally hard-coded to tls1.0 for compatibility), but got the same lack of response. I'd kind of like to know why I've seen this with a few IIS servers, if only out of curiosity.